You would need to configure this at the server level: Bedrock can’t really control this. Wordpress runs in your server’s public folder, therefore the files it needs (ie themes) are publicly accessible. For instance, images in your themes must have a publicly accessible url or they can’t be accessed by visitors.
Some suggestions are available around the forum on how to configure your server, ie here: How are you deploying this so that the vendor folder isn't exposed to the public?